The Reader: WhatsApp Hack Shows up Tech Industry Failings

E’VE had decades of attacks similar to the one affecting WhatsApp via the IRC and ICQ systems [“Alert for 1.5bn WhatsApp users as hackers ‘take over’ phones,” May 14]. There’s nothing fundamentally new here: an application running on your device has significant access to the device and your personal data, and attackers can therefore remotely send you “code” via the app. This boils down to three main failings:

1) Not learning the lessons of the past, from previous attacks using instant messaging and communications clients.

2) Lack of access control within mobile devices, and app developers grabbing extra access privileges to support their business model over the end user’s privacy and security.

3) An application that implements cryptography and security which has never been put up to public scrutiny.

Device manufacturers have failed users by not providing simple, clear controls of their data and security.
Tom Kranz​
Cyber lab Director, 6point6

EDITOR'S REPLY

Dear Tom

WHATSAPP’s ubiquity across devices means people feel an anxiety about their phones being vulnerable to infiltration which they didn’t have with the old-school web chat services you reference.

The number of victims is unknown but the fact that those who tech executives called “bad actors” could buy means to access your device without leaving a trace is chilling.

“Clear controls” are important but attend any security expo and you will see an industry that is devoted to cracking encrypted software and locked phones.

WhatsApp users should update as soon as possible or try other messaging platforms. But a wider worry is billions of usernames, passwords and emails exposed in multiple corporate database breaches, from TalkTalk to Dropbox.

People can check their email address on haveibeenpwned.com to see if they were affected.

Mark Blunden, Tech correspondent